Here’s what to do when you use two-factor authentication and lose your phone

“953905 is your one-time password. Do not share it with anyone.”

If you’ve ever received a text message like this from your bank, your cable company or Amazon, you’re using two-factor authentication to secure your online accounts. Nice job.

If you’ve never seen one of these before, however, that’s worth fixing. Beyond using good passwords from the get-go, using two-factor authentication — or 2FA — is one of the best ways to make sure your accounts don’t fall into the wrong hands. Think of it as an extra layer of security, one that forces you to prove your identity by sending a code to a device only the real deal would have access to. Frequently, that means our phones. And take it from me: Forgetting to set it up can be costly.

Two years ago, someone gained access to my Airbnb account and managed to book three different stays in Wroclaw, Poland, for the same four-day stretch in early August. Total cost to me: $863.70, all for a trip I had never wanted to take. (That said, Wroclaw does sound like a nice place to spend some time.)

Airbnb eventually sorted everything out, but nothing would’ve needed sorting at all if I had turned on 2FA in the first place. That way, the hacker(s) would’ve needed a special code sent to my phone before they could even think about getting into my account. Even so, 2FA still comes with a catch: Because many of us use our phones to verify our identities, we can too easily find ourselves scrambling when something happens to those devices.

“I use [2FA] for several important websites, including access to banking and other financial needs so my phone has become more important all the time,” reader Hobe Darbyshire wrote in an email to the Help Desk. “What happens if I lose my phone or it gets stolen?”

In situations like these, it can be hard not to think of the worst-case scenarios. Our advice? If you find yourself facing this problem, take a deep breath and work through the following steps.

Leave a Comment

Your email address will not be published.